Cannot connect to a virtual machine in a peered VNET

Question

Cannot connect to a virtual machine in a peered VNET

Hemant 41 Microsoft External Staff

creating a website from azure portal and my SQL database is on Azure VM which is considered as on-prem.
User's image

Removed PII

Hemant 41 Reputation points Microsoft External Staff

2026-03-19T02:52:03.07+00:00

App Service subnet xx.xx.x.x/27 is routed via virtual appliance xx.xx.x.x. DNS resolution for corp domains fails. Please allow and forward DNS traffic (UDP 53 and TCP 53) from xx.xx.x.x**/27** through the appliance to the same upstream DNS path used by VM subnet xx.xx.x.x**/26**.

Removed PII
Ravi Varma Mudduluru 9,440 Reputation points Microsoft External Staff Moderator

2026-03-19T04:21:15.5566667+00:00

Hello @ Hemant

Thank you for contacting us about the Vnet issue. We have begun looking into it and will share our suggestions with you as soon as possible.
Ravi Varma Mudduluru 9,440 Reputation points Microsoft External Staff Moderator

2026-03-19T04:32:55.5166667+00:00

Hello @ Hemant

Could you please check the private message and share the requested details there.

Answer accepted by question author

1 additional answer

Your answer

Hemant 41 Reputation points Microsoft External Staff

2026-03-19T02:52:03.07+00:00

App Service subnet xx.xx.x.x/27 is routed via virtual appliance xx.xx.x.x. DNS resolution for corp domains fails. Please allow and forward DNS traffic (UDP 53 and TCP 53) from xx.xx.x.x**/27** through the appliance to the same upstream DNS path used by VM subnet xx.xx.x.x**/26**.

Removed PII
Ravi Varma Mudduluru 9,440 Reputation points Microsoft External Staff Moderator

2026-03-19T04:21:15.5566667+00:00

Hello @ Hemant

Thank you for contacting us about the Vnet issue. We have begun looking into it and will share our suggestions with you as soon as possible.
Ravi Varma Mudduluru 9,440 Reputation points Microsoft External Staff Moderator

2026-03-19T04:32:55.5166667+00:00

Hello @ Hemant

Could you please check the private message and share the requested details there.

Answer 1

HI @Hemant

Thanks for confirming during the offline discussion that the issue is resolved. The connectivity issue between the Azure Cloud App Service and the on‑premises MS SQL Server was addressed by creating and configuring a Hybrid Connection. The required SQL connection string was then added to the App Service configuration. Connectivity was validated from the App Service runtime using a PowerShell command executed from the Kudu (Debug Console). The validation returned “Connection SUCCESSFUL! The Web App can reach the SQL database”, confirming that the Azure App Service can now successfully connect to the SQL Server.

Reference :

https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections?tabs=windows

https://learn.microsoft.com/en-us/azure/app-service/configure-common?tabs=cli#configure-connection-strings

User's image

If the answer is helpful, Please do click "Accept the answer” and Yes, this can be beneficial to other community members.

If you have any other questions, let me know in the "comments" and I would be happy to help you

Answer 2

The SQL VM in the peered virtual network must be reachable at the network level and must allow SQL traffic. Use the following checks and configuration steps:

Verify VNet peering state

In the Azure portal, open each virtual network and select Peering.
Confirm the peering Status is Connected in both directions.
If not connected, fix the peering first; otherwise no traffic will pass between VNets.

Check basic VM‑to‑VM connectivity

From the web app’s VNet integration subnet (or from a test VM in that VNet), test connectivity to the SQL VM’s private IP:
- Use tools like TcpPing/PsPing to the SQL port (default 1433) or RDP/SSH port to confirm the VM is reachable.
If connectivity fails even though peering is Connected, use Network Watcher:
- Run Connection Troubleshoot and IP flow verify from the source to the SQL VM to see if an NSG or user‑defined route (UDR) is blocking traffic.

Validate NSG and route configuration

On the SQL VM’s subnet and NIC NSGs, ensure there is an Allow VNet Inbound rule and no higher‑priority deny rule blocking traffic from the peered VNet.
If using UDRs (for example, to send traffic through an NVA/firewall), temporarily remove or adjust the route and test again. If bypassing the NVA restores connectivity, troubleshoot the NVA configuration.

Check the SQL VM itself

On the SQL Server VM:
- Ensure the SQL service is listening on TCP (default 1433) and that the TCP/IP protocol is enabled.
- Confirm the Windows firewall allows inbound TCP 1433.
- If using SQL authentication, verify SQL Server authentication mode is enabled and a SQL login with the correct permissions exists.

DNS and name resolution

The nslookup timeout in the screenshot indicates the DNS server at 10.50.50.50 is not responding.
Either:
- Fix connectivity to that DNS server (same VNet/peered VNet, NSG/UDR/firewall rules), or
- Configure the web app’s VNet integration/subnet to use a DNS server that can resolve the SQL VM’s name, or
- Connect by the SQL VM’s private IP address instead of FQDN.

Confirm inter‑VNet connectivity end‑to‑end

If one Azure VM cannot connect to another, follow this sequence:
1. Check NIC configuration.
2. Check NSG and UDR for blocked traffic.
3. Check VM firewall.
4. Confirm the SQL service is listening on the expected port.
5. Validate inter‑VNet connectivity as above.

Once peering is Connected, NSGs/UDRs/firewalls allow traffic, DNS resolves (or IP is used), and SQL Server is listening with the correct authentication, the web app in one VNet can connect to the SQL VM in the peered VNet.

References:

Share via

Cannot connect to a virtual machine in a peered VNET

1 additional answer

Your answer